Commit f67e2eb
committed
fix(gateway): honor dangerouslyDisableDeviceAuth regardless of sharedAuthOk
Fixes #44485
## Problem
After upgrading from 2026.3.8 to 2026.3.11, Control UI rejects all browser connections over HTTP with 'device identity required', even with `gateway.controlUi.dangerouslyDisableDeviceAuth: true`.
## Root Cause
Commit 8d1481c changed shouldSkipControlUiPairing to require BOTH:
1. dangerouslyDisableDeviceAuth: true
2. sharedAuthOk: true
But on HTTP-only deployments, sharedAuthOk is often false (no token/password provided in browser). This defeats the purpose of the flag.
## Solution
When dangerouslyDisableDeviceAuth: true, skip pairing entirely regardless of sharedAuthOk. This restores the 2026.3.8 behavior.
## Changes
- src/gateway/server/ws-connection/connect-policy.ts
- src/gateway/server/ws-connection/connect-policy.test.ts
## Testing
- [x] Unit test updated to reflect new behavior
- [x] bypass + sharedAuthOk=false now returns true
- [x] HTTP-only deployments can use Control UI again
## Impact
Restores Control UI access for HTTP-only deployments behind reverse proxies.1 parent 7c48d65 commit f67e2eb
File tree
2 files changed
+7
-1
lines changed- src/gateway/server/ws-connection
2 files changed
+7
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
182 | 182 | | |
183 | 183 | | |
184 | 184 | | |
| 185 | + | |
185 | 186 | | |
186 | | - | |
| 187 | + | |
187 | 188 | | |
188 | 189 | | |
189 | 190 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
40 | 45 | | |
41 | 46 | | |
42 | 47 | | |
| |||
0 commit comments